Author Topic: Infected site warning  (Read 827 times)

Offline maurizio.camandona

  • Newbie
  • *
  • Posts: 2
Infected site warning
« on: June 17, 2020, 12:13:21 PM »
Good morning, for three days now Avast has been warning me, when I am on the site Biofototerapia.it, with this message: "sito infetto da URL:Blacklist". I know the site, and I have been assured that other users use it without problems. I would like to know what to do to be able to use the information on this site again. Thanks to anyone kind enough to reply.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32691
  • malware fighter
Re: Infected site warning
« Reply #1 on: June 17, 2020, 01:29:31 PM »
4 engines detect this IP address as malicious: https://www.virustotal.com/gui/ip-address/212.129.40.177/detection
Dedibox SAS abuse.  Re: https://webcookies.org/cookies/biofototerapia.it/30615576?801568
Quote
Retirable jQuery library: jquery   1.12.4   Found in -https://biofototerapia.it/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Vulnerability info:
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Medium   CVE-2015-9251 11974 parseHTML() executes scripts in event handlers   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   123
Medium   Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

plug-in - consider: The following plugins were detected by reading the HTML source of the WordPress site's front page.

Plugin   Update Status   About
awsm-team-pro    Unknown   
woocommerce 4.2.0    Current   latest release (4.2.0)
https://woocommerce.com/
newsletter 6.7.2    Current   latest release (6.7.2)
https://www.thenewsletterplugin.com/plugins/newsletter
wp-rocket    Unknown   
eu-cookie-law    Unknown   latest release (3.1.2)
https://wordpress.org/plugins/eu-cookie-law/
revslider    Unknown   
the-events-calendar 5.1.2.1    Current   latest release (5.1.2.1)
yith-woocommerce-affiliates-premium    Unknown   

Wrong setting:  User Enumeration
The first two user IDs were tested to determine if user enumeration is possible.

Username   Name
ID: 1   iwg   
ID: 2   bio-foto-terapia   
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring, as this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled, it is usually possible to enumerate all users within a WordPress installation.

Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

Path Tested   Status
/wp-content/uploads/      enabled
/wp-content/plugins/      disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directories. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

All of the above mentioned, I do not see that website being blocked at the moment.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
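
A check for the directory-indexing finding quoted in the post above, as an added example that is not part of the original thread or of the scanner's own code: it classifies responses for the tested paths by looking for the "Index of" page that Apache and nginx auto-generate. The function names and the sample responses are assumptions constructed for illustration.

```python
import re

# Heading/title that Apache mod_autoindex and nginx autoindex emit for a listing.
LISTING_RE = re.compile(r"<(title|h1)>\s*Index of\s+(/[^<]*?)\s*</\1>", re.I)


def classify_listing(path, status, body):
    """Classify one response as 'enabled', 'disabled' or 'inconclusive'."""
    if status in (401, 403, 404):
        return "disabled"            # server refuses to list the directory
    if status != 200:
        return "inconclusive"        # redirect or server error: retest by hand
    match = LISTING_RE.search(body)
    if match and match.group(2).rstrip("/") == path.rstrip("/"):
        return "enabled"             # auto-generated index of the tested path
    return "disabled"                # an index file or normal page was served


def audit(responses):
    """Map each tested path to its classification."""
    return {path: classify_listing(path, status, body)
            for path, (status, body) in responses.items()}


# Constructed sample responses (not captured from any real site).
SAMPLE = {
    "/wp-content/uploads/": (
        200,
        "<html><head><title>Index of /wp-content/uploads</title></head>"
        "<body><h1>Index of /wp-content/uploads</h1>"
        "<a href=\"2020/\">2020/</a></body></html>",
    ),
    "/wp-content/plugins/": (200, ""),   # empty body from a placeholder index.php
    "/wp-content/themes/": (403, "<h1>Forbidden</h1>"),
    "/wp-includes/": (302, ""),
    # An ordinary page whose title merely starts with "Index of".
    "/blog/": (200, "<html><title>Index of /tmp tricks</title><p>A post</p></html>"),
}

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE).items():
        print(f"{path:25} {verdict}")
    # Fix for any 'enabled' row: 'Options -Indexes' (Apache config or .htaccess)
    # or 'autoindex off;' (nginx).
```
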

Offline maurizio.camandona

  • Newbie
  • *
  • Posts: 2
Re: Infected site warning
« Reply #2 on: June 18, 2020, 05:08:04 PM »
Thank you very much for the exhaustive answer. But if you were in my situation, what would you do? What needs to be done to be able to view this site?